- Cilium operates at L3/L4 to provide traditional networking and security services
- It also works at L7 to provide application-level services for protocols like gRPC, HTTP, and Kafka
- Cilium inserts itself in the kernel at the following points to implement security and visibility:
  - Network IO
  - Application sockets
  - Tracepoints
- Intelligent Routing
  - Cilium can do more intelligent routing than just opening or blocking a port, for example:
    - Allow all HTTP requests with method GET and path /public/.*. Deny all other requests.
    - Allow service1 to produce on Kafka topic topic1 and service2 to consume on topic1. Reject all other Kafka messages.
    - Require the HTTP header X-Token: [0-9]+ to be present in all REST calls.
  - More examples of policies at https://docs.cilium.io/en/stable/policy/#layer-7
- Service to Service Communication
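
The first two Layer 7 rules listed under Intelligent Routing (GET on /public/.* only, and produce/consume roles on topic1) can be written as CiliumNetworkPolicy resources. This is an added example, not taken from the notes above; the policy names, the `app` labels and the ports 80 and 9092 are assumptions.

```yaml
# Added example; labels, names and ports are assumptions, not from the page.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: http-get-public-only
spec:
  endpointSelector:
    matchLabels:
      app: web            # assumed label of the HTTP service
  ingress:
  - toPorts:
    - ports:
      - port: "80"
        protocol: TCP
      rules:
        http:             # requests on port 80 matching no entry are rejected
        - method: "GET"
          path: "/public/.*"
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: kafka-topic1-roles
spec:
  endpointSelector:
    matchLabels:
      app: kafka          # assumed label of the broker pods
  ingress:
  - fromEndpoints:
    - matchLabels:
        app: service1     # only service1 may produce on topic1
    toPorts:
    - ports:
      - port: "9092"
        protocol: TCP
      rules:
        kafka:
        - role: "produce"
          topic: "topic1"
  - fromEndpoints:
    - matchLabels:
        app: service2     # only service2 may consume from topic1
    toPorts:
    - ports:
      - port: "9092"
        protocol: TCP
      rules:
        kafka:
        - role: "consume"
          topic: "topic1"
```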